Microsoft is expanding data loss prevention (DLP) controls to block the Microsoft 365 Copilot AI assistant from processing confidential Word, Excel, and PowerPoint documents, regardless of their location. […]
‘Arkanix Stealer’ Malware Disappears Shortly After Debut
Written in C++ and Python, the malware exfiltrates system information, browser data, and steals files.
The post ‘Arkanix Stealer’ Malware Disappears Shortly After Debut appeared first on SecurityWeek.
Identity-First AI Security: Why CISOs Must Add Intent to the Equation
AI agents now provision infrastructure and approve actions, but many inherit over-scoped privileges without proper governance. Token Security explains why CISOs must treat agents as identities and add intent-based controls so access is granted only when purpose and context align. […]
UK fines Reddit $19 million for using children’s data unlawfully
The UK Information Commissioner’s Office (ICO) has fined Reddit £14.47 million (over $19.5 million) for collecting and using the personal information of children under 13 without adequate safeguards. […]
VMware Aria Operations Vulnerability Could Allow Remote Code Execution
Broadcom has patched several vulnerabilities in VMware Aria Operations, including high-severity flaws.
The post VMware Aria Operations Vulnerability Could Allow Remote Code Execution appeared first on SecurityWeek.
UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware
A Russia-aligned threat actor has been observed targeting a European financial institution as part of a social engineering attack to likely facilitate intelligence gathering or financial theft, signaling a possible expansion of the threat actor’s targeting beyond Ukraine and into entities supporting the war-torn nation.
The activity, which targeted an unnamed entity involved in regional
The activity, which targeted an unnamed entity involved in regional
CISO Conversations: Timothy Youngblood; 4x Fortune 500 CISO/CSO
Timothy Youngblood was CISO at Dell, CISO at Kimberley-Clark, VP & CISO at McDonald’s, and SVP, CSO & Product Security Officer at T-Mobile.
The post CISO Conversations: Timothy Youngblood; 4x Fortune 500 CISO/CSO appeared first on SecurityWeek.
New ‘Sandworm_Mode’ Supply Chain Attack Hits NPM
The malicious code propagates like a worm, poisons AI assistants, exfiltrates secrets, and contains a destructive dead switch.
The post New ‘Sandworm_Mode’ Supply Chain Attack Hits NPM appeared first on SecurityWeek.
Critical SolarWinds Serv-U flaws offer root access to servers
SolarWinds has patched four critical Serv-U remote code execution vulnerabilities that could grant attackers root access to unpatched servers. […]
GitHub Issues Abused in Copilot Attack Leading to Repository Takeover
Attackers can inject malicious instructions in a GitHub Issue that are automatically processed by Copilot when launching a Codespace from that issue.
The post GitHub Issues Abused in Copilot Attack Leading to Repository Takeover appeared first on SecurityWeek.